Constant Guard Center warning

Hi,

I just got a warning email from Comcast's Constant Guard Center informing me that I may be infected with a Bot. However, I use Linux (Frugalware 1.3) fully patched. Could this be a false positive? 'chkrootkit' informs me that I'm OK.

The Constant Guard™ service has identified that one or more of your computers may be infected with a Bot. Please read on.

A Bot, also referred to as malicious software or malware, is used to gain control of your computer, typically without your knowledge. Online criminals can use Bots to collect your personal and private data, such as Social Security numbers, bank account information, and/or credit card numbers by monitoring your keystrokes. This can lead to identity theft and fraud!

We recommend that you visit the Comcast Constant Guard Center at https://constantguard.comcast.net for instructions to help you remove the Bot from your computer(s). We also advise that you keep your computer(s) protected by performing regular Operating System updates and by using Norton Security Suite anti-virus software.

Re: Constant Guard Center warning

Might be good to google "bots and malware" and "botnet". If a Robot has been installed on your machine so that someone can use your computer to make it perform some action in the background it might not appear as Malware on your scan.

Can you monitor for Internet transactions that occur without initiation by you?

Re: Constant Guard Center warning

Hi JamesR and thanks for the advice,

I guess the safest thing to do is to do a re-install. If I am rooted, then I guess I cannot trust anything my pc is telling me. I'm quitting Frugalware and installing Aptosid over this weekend. This seems safest.

Re: Constant Guard Center warning

Don't know that you have been hacked. Maybe you downloaded some music and are now serving up music files off your hard drive or something like that. Or you have a service running that is appearing to function in a similar manner.

Seems like it would be worth putting up wireshark or something similar to monitor Internet activity to figure out what application or service is running along.
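
A lighter-weight complement to a packet capture for the question raised above (which application owns a connection), as an added example that is not part of the original thread: on Linux the kernel's TCP table in `/proc/net/tcp` can be decoded and each socket matched to its owning process. The sample table is constructed, the local-range list and function names are assumptions of this sketch, and only IPv4 on a little-endian (x86) host is handled.

```python
import glob, ipaddress, os

# Constructed sample in /proc/net/tcp format (not data from this thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0A01A8C0:D431 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1
   2: 0A01A8C0:C350 0A7100CB:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1
"""

# Assumption: peers in these ranges are treated as local and not reported.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decode_endpoint(field):
    """'0A01A8C0:D431' -> ('192.168.1.10', 54321); address bytes are little-endian on x86."""
    addr_hex, port_hex = field.split(":")
    return str(ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])), int(port_hex, 16)

def parse_tcp_table(text):
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({"local": decode_endpoint(f[1]), "remote": decode_endpoint(f[2]),
                     "state": f[3], "uid": int(f[7]), "inode": int(f[9])})
    return rows

def external_established(rows):
    """Established (state 01) connections whose peer is outside the local ranges."""
    return [r for r in rows if r["state"] == "01"
            and not any(ipaddress.ip_address(r["remote"][0]) in n for n in LOCAL_NETS)]

def owner_of(inode):
    """Return (pid, command) holding the socket inode, or None; other users' processes need root."""
    target = f"socket:[{inode}]"
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == target:
                pid = fd.split("/")[2]
                with open(f"/proc/{pid}/comm") as fh:
                    return int(pid), fh.read().strip()
        except OSError:                         # process exited or permission denied
            continue
    return None

if __name__ == "__main__":
    text = open("/proc/net/tcp").read() if os.path.exists("/proc/net/tcp") else SAMPLE
    for r in external_established(parse_tcp_table(text)):
        print(r["local"], "->", r["remote"], "uid", r["uid"], owner_of(r["inode"]))
```

Running it repeatedly, or while the virtual machine is started and stopped, shows which process and which user account own each outbound connection at that moment; short-lived connections still need a capture to be seen.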

Re: Constant Guard Center warning

Hi JamesR,

I think I still need advice...

I decided not to go with Aptosid. Rather than let me reuse my /home/username, Aptosid wanted me to install to one partition and then edit my fstab. I could have done it, but I just didn't feel like playing around. So, I decided to take the easy way: I'm running Ubuntu 10.04 i386. I installed last night. I installed Firestarter and even configged it to "Block traffic from reserved addresses on public interfaces." I also installed and edited "denyhosts."

Today, I got another warning email from Constant Guard Center. Same thing.

Re: Constant Guard Center warning

Comcast would not allow me to post a long message, so I'm afraid that this will be a 2-part message.

I also host a virtualized XP guest via VirtualBox. (I usually run it only very occasionally. But, I installed a printer that isn't happy with Linux drivers. So, I have run XP a bit more lately.) After installing Ubuntu, I installed VBox. I briefly started XP guest last night to verify that it still worked. After the 2nd warning email from Constant Guard Center, I ran some tests...

I ran Avira on XP guest: No problems.

I ran MalwareBytes on XP guest: No problems.

I ran ClamWin on XP guest: Problem.

C:\Program Files\TestOut\sims\2003_06\Programs\XPFldrProp.exe

Heuristic FOUND

The "trojan" appears to have been found heuristically, not from a list of known trojans. This leads me to wonder if it is a real trojan at all. TestOut.com's LabSim software does "phone home" for updates, etc.

But, a Google search does seem to indicate that Trojan.SusPacked.FFXPU is real. But, I'm not finding any info on it other than it exists.

Re: Constant Guard Center warning

Hi ComcastSteve,

The closest major city is Pittsburgh, PA. If you want more detailed info, I'll be happy to send it along. But for my protection and privacy, I'd rather not go into more detail in a public forum. I think we can PM here?

Re: Constant Guard Center warning (Received 1/22/12)

Hi!

Just received this email supposedly from "Comcast Customer Security Assurance". I don't believe that to be the case. I didn't follow the link (shown below) in the email. I have also given you the address that supposedly sent me this email. Please contact me as to the validity of this email.

The Constant Guard™ service has updated the Online Security of Comcast Users.

To link your account to our new update you just need to Relogin your account using the secure link bellow. The linkwill redirect you to our update login page. Simply login your account and the account will automaticly be updated.